From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 00/21] Netfilter updates for net-next
Date: Mon, 18 May 2015 18:25:03 +0200 [thread overview]
Message-ID: <1431966324-4494-1-git-send-email-pablo@netfilter.org> (raw)
Hi,
The following patchset contains Netfilter updates for net-next. Briefly
speaking, cleanups and minor fixes for ipset from Jozsef Kadlecsik and
Serget Popovich, more incremental updates to make br_netfilter a better
place from Florian Westphal, ARP support to the x_tables mark match /
target from and context Zhang Chunyu and the addition of context to know
that the x_tables runs through nft_compat. More specifically, they are:
1) Fix sparse warning in ipset/ip_set_hash_ipmark.c when fetching the
IPSET_ATTR_MARK netlink attribute, from Jozsef Kadlecsik.
2) Rename STREQ macro to STRNCMP in ipset, also from Jozsef.
3) Use skb->network_header to calculate the transport offset in
ip_set_get_ip{4,6}_port(). From Alexander Drozdov.
4) Reduce memory consumption per element due to size miscalculation,
this patch and follow up patches from Sergey Popovich.
5) Expand nomatch field from 1 bit to 8 bits to allow to simplify
mtype_data_reset_flags(), also from Sergey.
6) Small clean for ipset macro trickery.
7) Fix error reporting when both ip_set_get_hostipaddr4() and
ip_set_get_extensions() from per-set uadt functions.
8) Simplify IPSET_ATTR_PORT netlink attribute validation.
9) Introduce HOST_MASK instead of hardcoded 32 in ipset.
10) Return true/false instead of 0/1 in functions that return boolean
in the ipset code.
11) Validate maximum length of the IPSET_ATTR_COMMENT netlink attribute.
12) Allow to dereference from ext_*() ipset macros.
13) Get rid of incorrect definitions of HKEY_DATALEN.
14) Include linux/netfilter/ipset/ip_set.h in the x_tables set match.
15) Reduce nf_bridge_info size in br_netfilter, from Florian Westphal.
16) Release nf_bridge_info after POSTROUTING since this is only needed
from the physdev match, also from Florian.
17) Reduce size of ipset code by deinlining ip_set_put_extensions(),
from Denys Vlasenko.
18) Oneliner to add ARP support to the x_tables mark match/target, from
Zhang Chunyu.
19) Add context to know if the x_tables extension runs from nft_compat,
to address minor problems with three existing extensions.
20) Correct return value in several seqfile *_show() functions in the
netfilter tree, from Joe Perches.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git
Thanks!
----------------------------------------------------------------
The following changes since commit 9449c3cd90472141cf081af88181a56163ff7132:
net: make skb_dst_pop routine static (2015-05-12 23:19:49 -0400)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
for you to fetch changes up to 861fb1078fd4ea09b442987b3e20fced0f15eb92:
netfilter: Use correct return for seq_show functions (2015-05-17 17:25:35 +0200)
----------------------------------------------------------------
Alexander Drozdov (1):
netfilter: ipset: make ip_set_get_ip*_port to use skb_network_offset
Denys Vlasenko (1):
netfilter: ipset: deinline ip_set_put_extensions()
Florian Westphal (2):
netfilter: bridge: neigh_head and physoutdev can't be used at same time
netfilter: bridge: free nf_bridge info on xmit
Joe Perches (1):
netfilter: Use correct return for seq_show functions
Jozsef Kadlecsik (3):
netfilter: ipset: Fix sparse warning
netfilter: ipset: Give a better name to a macro in ip_set_core.c
netfilter: ipset: Use better include files in xt_set.c
Pablo Neira Ayuso (1):
netfilter: x_tables: add context to know if extension runs from nft_compat
Sergey Popovich (11):
netfilter: ipset: Properly calculate extensions offsets and total length
netfilter: ipset: No need to make nomatch bitfield
netfilter: ipset: Preprocessor directices cleanup
netfilter: ipset: Return ipset error instead of bool
netfilter: ipset: Check IPSET_ATTR_PORT only once
netfilter: ipset: Use HOST_MASK literal to represent host address CIDR len
netfilter: ipset: Return bool values instead of int
netfilter: ipset: Check for comment netlink attribute length
netfilter: ipset: Fix ext_*() macros
netfilter: ipset: Fix hashing for ipv6 sets
netfilter: ipset: Improve preprocessor macros checks
Zhang Chunyu (1):
netfilter: xt_MARK: Add ARP support
include/linux/netfilter/ipset/ip_set.h | 32 +++-------------
include/linux/netfilter/x_tables.h | 2 +
include/linux/skbuff.h | 8 ++--
net/bridge/br_netfilter.c | 19 +++++++++-
net/bridge/netfilter/ebt_stp.c | 6 ++-
net/ipv4/netfilter/ipt_CLUSTERIP.c | 5 +++
net/netfilter/ipset/ip_set_bitmap_ip.c | 17 ++++++---
net/netfilter/ipset/ip_set_bitmap_ipmac.c | 13 +++++--
net/netfilter/ipset/ip_set_bitmap_port.c | 3 +-
net/netfilter/ipset/ip_set_core.c | 49 ++++++++++++++++++------
net/netfilter/ipset/ip_set_getport.c | 6 ++-
net/netfilter/ipset/ip_set_hash_gen.h | 22 +++++++++--
net/netfilter/ipset/ip_set_hash_ip.c | 33 ++++++++--------
net/netfilter/ipset/ip_set_hash_ipmark.c | 43 ++++++++++-----------
net/netfilter/ipset/ip_set_hash_ipport.c | 49 +++++++++++-------------
net/netfilter/ipset/ip_set_hash_ipportip.c | 40 ++++++++++----------
net/netfilter/ipset/ip_set_hash_ipportnet.c | 40 ++++++++++----------
net/netfilter/ipset/ip_set_hash_mac.c | 11 ++++--
net/netfilter/ipset/ip_set_hash_net.c | 28 ++++++++------
net/netfilter/ipset/ip_set_hash_netiface.c | 29 +++++++-------
net/netfilter/ipset/ip_set_hash_netnet.c | 30 ++++++++++-----
net/netfilter/ipset/ip_set_hash_netport.c | 38 +++++++++----------
net/netfilter/ipset/ip_set_hash_netportnet.c | 52 ++++++++++++++------------
net/netfilter/ipset/ip_set_list_set.c | 3 +-
net/netfilter/nfnetlink_queue_core.c | 2 +-
net/netfilter/nft_compat.c | 2 +
net/netfilter/x_tables.c | 18 +++------
net/netfilter/xt_TCPMSS.c | 6 +++
net/netfilter/xt_mark.c | 1 +
net/netfilter/xt_set.c | 3 +-
30 files changed, 346 insertions(+), 264 deletions(-)
next reply other threads:[~2015-05-18 16:25 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-18 16:25 Pablo Neira Ayuso [this message]
2015-05-18 16:25 ` [PATCH 01/21] netfilter: ipset: Fix sparse warning Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 02/21] netfilter: ipset: Give a better name to a macro in ip_set_core.c Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 03/21] netfilter: ipset: make ip_set_get_ip*_port to use skb_network_offset Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 04/21] netfilter: ipset: Properly calculate extensions offsets and total length Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 05/21] netfilter: ipset: No need to make nomatch bitfield Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 06/21] netfilter: ipset: Preprocessor directices cleanup Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 07/21] netfilter: ipset: Return ipset error instead of bool Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 08/21] netfilter: ipset: Check IPSET_ATTR_PORT only once Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 09/21] netfilter: ipset: Use HOST_MASK literal to represent host address CIDR len Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 10/21] netfilter: ipset: Return bool values instead of int Pablo Neira Ayuso
2015-05-18 16:31 ` Joe Perches
2015-05-18 16:52 ` Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 11/21] netfilter: ipset: Check for comment netlink attribute length Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 12/21] netfilter: ipset: Fix ext_*() macros Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 13/21] netfilter: ipset: Fix hashing for ipv6 sets Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 14/21] netfilter: ipset: Improve preprocessor macros checks Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 15/21] netfilter: ipset: Use better include files in xt_set.c Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 16/21] netfilter: bridge: neigh_head and physoutdev can't be used at same time Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 17/21] netfilter: bridge: free nf_bridge info on xmit Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 18/21] netfilter: ipset: deinline ip_set_put_extensions() Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 19/21] netfilter: xt_MARK: Add ARP support Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 20/21] netfilter: x_tables: add context to know if extension runs from nft_compat Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 21/21] netfilter: Use correct return for seq_show functions Pablo Neira Ayuso
2015-05-18 18:48 ` [PATCH 00/21] Netfilter updates for net-next David Miller
-- strict thread matches above, loose matches on Subject: below --
2020-01-18 20:13 Pablo Neira Ayuso
2020-01-19 9:33 ` David Miller
2018-08-05 21:21 Pablo Neira Ayuso
2018-08-06 0:06 ` David Miller
2017-02-12 19:42 Pablo Neira Ayuso
2017-02-13 3:12 ` David Miller
2015-04-13 19:29 Pablo Neira Ayuso
2015-04-14 2:18 ` David Miller
2013-01-25 13:54 [PATCH 00/21] netfilter " pablo
2013-01-27 5:56 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1431966324-4494-1-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.